Do an update, then upgrade, to make sure everything is up-to-date.yum -y updateyum -y upgrade

We need to create the user account that BackupPC will use and assign a password for it.adduser backuppcpasswd backuppc

You will be prompted to key-in your desired password. Remember this password ’cause you will need it later.

And now folks, the moment you’ve all been waiting for, the BackupPC installation! yum -y install BackupPC

I wish the command was longer or better yet, extremely complex but that’s just it…

After the package installation, two biggies are now in place, Apache and BackupPC. Verify that these services are listed in the startup script.chkconfig –list backuppcchkconfig –list httpd

Notice that both are turned off.

We need to make these two services start at startup. Do this:chkconfig backuppc onchkconfig httpd on

You’re probably guessing what’s Apache got to do with BackupPC; well, it runs the web interface but we need to do some tasks before we can use it. We first need to create the access file.htpasswd -c /etc/BackupPC/apache.users backuppc

You will be prompted for a password; just key-in the password you assigned the backuppc user awhile back.

Edit and save the BackupPC configuration file for Apache.nano /etc/httpd/conf.d/BackupPC.conf

Your changes should reflect something like this:
order deny,allow
deny from all
#allow from 127.0.0.1
#allow from ::1allow from all
AuthType Basic
AuthUserFile /etc/BackupPC/apache.usersAuthName “backuppc”

As a safety precaution, make a duplicate of the BackupPC main configuration file.cp /etc/BackupPC/config.pl /etc/BackupPC/config.pl.ORIG

We’ll use screen to help us accomplish this next task.screennano /etc/BackupPC/config.pl

In nano, press CTRL + W; this will invoke the search facility. Search for this parameter $Conf\{ServerMesgSecret\}.

Now, press CTRL + A + C; this will open another screen. Run this command:mkpasswd -l 32 -d 16

Highlight the output then press CTRL + A + P; this will bring you back to the previous screen. Right-click your mouse to paste the output between the single quotes of the aforementioned configuration parameter. You should have something like this:$Conf{ServerMesgSecret} = ’7687nR848l39etpm7812w1f-pj3iEpb7′;

Next, search for this parameter $Conf{CgiAdminUsers} and add backuppc. You should have something like this:$Conf{CgiAdminUsers} = ‘backuppc’;

This time, edit the Apache configuration file.nano /etc/httpd/conf/httpd.conf

To do active-mode FTP, you need to allow incoming connections to TCP port 21 and outgoing connections from port 20.

To do passive-mode FTP, you need to allow incoming connections to TCP port 21 and incoming connections to a randomly-generated port on the server computer (necessitating using a conntrack module in netfilter)

You don’t have anything re: your OUTPUT chain in your post, so I’ll include that here, too. If your OUTPUT chain is default-drop then this matters.

To support passive mode FTP, then, you need to load the ip_conntrack_ftp module on boot. Uncomment and modify the IPTABLES_MODULES line in the /etc/sysconfig/iptables-config file to read:

IPTABLES_MODULES="ip_conntrack_ftp"

Save the iptables config and restart iptables.

service iptables save
service iptables restart

To completely rule out VSFTPD as being a problem, stop VSFTPD, verify that it’s not listening on port 21 with a “netstat -a” and then run a :

nc -l 21

This will start netcat listening on port 21 and will echo input to your shell. From another host, TELNET to port 21 of your server and verify that you get a TCP connection and that you see output in the shell when you type in the TELNET connection.

Finally, bring VSFTPD back up, verify that it is listening on port 21, and try to connect again. If the connection to netcat worked then your iptables rules are fine. If the connection to VSFTPD doesn’t work after netcat does then something is wrong w/ your VSFTPD configuration.